diff options
Diffstat (limited to 'common/src/main/java/org/onap/so/security/CorsBasicHttpSecurityConfigurer.java')
-rw-r--r-- | common/src/main/java/org/onap/so/security/CorsBasicHttpSecurityConfigurer.java | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/common/src/main/java/org/onap/so/security/CorsBasicHttpSecurityConfigurer.java b/common/src/main/java/org/onap/so/security/CorsBasicHttpSecurityConfigurer.java new file mode 100644 index 0000000000..27c998f87d --- /dev/null +++ b/common/src/main/java/org/onap/so/security/CorsBasicHttpSecurityConfigurer.java @@ -0,0 +1,33 @@ +package org.onap.so.security; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.stereotype.Component; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +import java.util.Arrays; + +@Component("cors") +@Profile({"cors"}) +public class CorsBasicHttpSecurityConfigurer implements HttpSecurityConfigurer { + + @Override + public void configure(final HttpSecurity http) throws Exception { + http.cors().and().csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/**").fullyAuthenticated().and().httpBasic(); + } + + @Bean + CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowedOrigins(Arrays.asList("*")); + configuration.setAllowedMethods(Arrays.asList("OPTIONS", "GET", "POST", "PATCH")); + configuration.setAllowCredentials(true); + configuration.setAllowedHeaders(Arrays.asList("*")); + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return source; + } +} |